Host *
	# Disable forwarding
	Tunnel no
	ForwardAgent no
	ForwardX11 no
	ForwardX11Trusted no
	GatewayPorts no

	# Add host ip check which provides extra security against dns spoofing
	CheckHostIP yes

	# Hash known_hosts to prevent compromised entries
	HashKnownHosts yes

	# Ask before accepting any new host key
	StrictHostKeyChecking ask

	# Disable buggy compression
	Compression no

	# Authentication methods
	PasswordAuthentication yes
	PubkeyAuthentication yes
	PreferredAuthentications publickey,password

	# Disable obsolete authentication methods
	ChallengeResponseAuthentication no
	GSSAPIAuthentication no
	HostbasedAuthentication no

	# Prevent connection timeouts
	ServerAliveInterval 90

	# Number of password retries
	NumberOfPasswordPrompts 5

	# Show ASCII of server's host key
	VisualHostKey yes
